DMARC Works

Pages
Categories
- Astronomy
- Bees
- Buddhism
- Cartography
- Computers
- Energy
- Information Security
- Radio
- Search and Rescue
- Stuff
Tags
- Food
- SOTA
- POTA
- LoRa
- Meshtastic
- TAK
- Tech Notes
- JS8
- JS8Call
- Jiobit
- APRS
- HF
- FT4
- CW
- Phone
- Appalachian Trail
- Nextcloud
- CWE-200
- OCSP
- Multi-factor authentication
- ATGP
- ATGP2022
- SWL
- Radio National da Amazonia
- DRM
- China Radio International
- Denge Welat
- All India Radio
- Radio New Zealand Pacific
- Radio Romania International
- WRMI
- Signal
- DMARC
- SPF
- DKIM
- 802.11
- HSMM
- Apache
- Asterisk
- Digital Operations
- dovecot
- httpd
- IMAP
- POP3
- postfix
- SMTP
- XMPP
- High Speed Multimedia Network
- Linux
- Shortwave Radiogram
- MFSK
- 2m
- 70cm
- Summits on the Air (SOTA)
- APRS Golden Packet
- Apple Orchard
- W4V/RA-001
- TLSRPT
- MTA-STS
- Outer Banks
- Hatteras Island
- Fessenden Amateur Radio Society
- Amateur Radio
- North Carolina VIPER
- AMPR
- electric vehicles
- e-mail
- encryption
- opportunistic encryption
- Satellite
- JOSM
- OpenStreetMap
- Jupiter
- Iridium flare
- electric vehicle
- National Park Service
- SARTI
- tracking
- Rocky Knob Recreation Area
- Virginia
- Lost Person Behavior
- security of paper
- solar power
- energy efficiency
- Zen
- electricity
- solar
- Internet
- rant
- Bee Diary
- Video
- WSJT
- FT8
- email
- OpenPGP
- privacy
- confidentiality
- DXing
- NVIS
- Pelican
- SMS
- MMS
- Content Security Policy
- HTTP Headers
- FOSS & Open Source
- Integrity
- Security
- Wordpress
- SARTECH II
- Calvert K9 Search Team
- Pennsylvania
- QRP
- W3/PD-007
- W3/PD-006
- International Space Station (ISS)
- Antennas
- Packet Radio
- Satellite Operations
- Radio New Zealand International (RNZ)
- Voice of America (VOA)
- 6m
- Public Service
- Cryptology
- Awards
- 23cm
- Contesting
- On the Air
- POSM
- High Speed Multimedia Network (HSMM)
- Amateur Radio Emergency Services (ARES)
- Amateur Radio Relay League (ARRL)
- ARRL Maryland-DC Section
- VOA Radiogram
- Xastir
- RHEL 7
- S/MIME
- Straight Key Century Club (SKCC)
- GnuPG
- gpg keys
- key signing
- Apple
- iMessage
- OTR
- tropo
- weak-signal
- callsign
- KF4OTN
- W4OTN
- vanity callsign
- DXCC
- IARU HF Championship
- IOTA
- Scotland
- Asiatic Russia
- Extra Class
- Digital Mobile Radio (DMR)
- SSL
- TLS
- Availability
- CERN
- Coast Marine Radio
- E51JD
- QSLing
- hardening
- SSH
- Tech Note
- British Broadcasting Corporation (BBC)
- Woofferton
- RC4
- Calvert Amateur Radio Association (CARA)
- ARRL Sweepstakes
- Apache HTTPD
- mod_nss
- mod_ssl
- NSS
- 20m
- Net105
- FO-29
- caff
- DNSSEC
- information security
- SouthEast LinuxFest
- Southeast LinuxFest 2014
- IPv6
- CAcert
- X.509
- DSA
- RSA
- Bonocular Messier Logbook
- parabolic antenna
- STARTTLS
- Android
- logging
- Broadband Hamnet
- line-of-sight
- mesh
- microwave
- C4FM
- callsign lookup
- HamQTH.com
- QRZ.com
- Mapbox
- AES
- CA
- certificate authority
- NSA
- spying
- trust
- collaboration
- git
- IRC
- remote collaboration
- svn
- Google
- Gmail
- EFF
- Tor
- VoIP
- GPG
- hkp
- hkps
- Propagation
- Waterway Radio
- RedPhone
- TextSecure
- Whisper Systems
- .tx/config
- Transifex
- Transifex config
- Translations
- HTTPS Everywhere
- git-vim
- vim
- XKCD
- CarrierIQ
- mandatory software
- smartphone
- yum
- SHA-1
- SHA-224
- SHA-256
- SHA-3
- SHA-384
- SHA-512
- ILS
- library software
- radio-programming
- Java
- vulernability
- Shortwave Listening
- Red Hat
- Voice of Russia (VOR)
- Anne Arundel Radio Club
- Africa
- Mutt
- Radio Taiwan International (RTI)
- national traffic system
- National Traffic System (NTS)
- Brass Pounder's League
- jamming
- password security
- pbs newshour
- For Sale
- antenna maintenance
- SKS
- nts
- radiogram
- High Speed Multimedia (HSMM)
- BBS
- voice
- digital communications
- Fedora
- Fedora Project
- FBB
- XFBB
- passwords
- Radio Habana Cuba
- Southeast LinuxFest 2011
- networking
- HP
- scanner
- social media
- accessibility
- authentication
- Yubikey
- nVidia
- Radio Ukraine International
- orchestra
- Deja Dup
- duplicity
- rdiff-backup
- TWUUG
- Southeast LinuxFest 2010
- Guatemala
- Silent Key
- Gibraltar
- WAS
- ARES
- D-Star
- 10m
- Ten-Tec
- Ten-Tec Argosy
- keys
- Kenwood
- Rover
- Tour de Cure
- IM
- Venezuela
- Seth
- ISC
- OpenSSH
- AO-16
- LUKS
- Data at Rest
- WiFi
- KN4KL
- WAC
- November Sweepstakes

DMARC Works

Tue 01 September 2020

Earlier today I received a few notifications of bounced mail from Google. This was odd seeing as how I hadn’t sent any mail to Google in a while. Upon further inspection, the messages originated from an application running on one of my servers. These were password reset messages destined to a real user but were rejected because I hadn’t properly setup SPF and DKIM for this domain and Google had kindly rejected the messages based on my DMARC policy of reject.

I’ve talked about e-mail server security in a previous post and it clearly worked in this case. A quick fix on my server and to a DNS entry fixed this problem, but I wondered if there were other messages that had been rejected recently that I wasn’t aware of.

I use Mailhardener to collect all my security reports regarding e-mail. Reviewing the last few weeks showed that a few Chinese servers had been trying to send mail using my aehe.us domain but had been thwarted by my DMARC policy. The fact that the policies I have in place kept these spam messages out of circulation is a testament to how far we’ve come with easily deployable authentication mechanisms that should be common place on the Internet today.

By Sparks, Category: Information Security

Tags: DMARC / SPF / DKIM /